Extreme programming explained: embrace change
Extreme programming explained: embrace change
Agile Software Development with Scrum
Agile Software Development with Scrum
Strengthening the Case for Pair Programming
IEEE Software
Integrating Security into Agile Development Methods
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Software Security: Building Security In
Software Security: Building Security In
Applying the Common Criteria in Systems Engineering
IEEE Security and Privacy
Adopting an Enterprise Software Security Framework
IEEE Security and Privacy
A Comparison of the Common Criteria with Proposals of Information Systems Security Requirements
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Extending XP practices to support security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
The Security Development Lifecycle
The Security Development Lifecycle
Open source software peer review practices: a case study of the apache server
Proceedings of the 30th international conference on Software engineering
Evaluating the cost reduction of static code analysis for software security
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Integrating software development security activities with agile methodologies
AICCSA '08 Proceedings of the 2008 IEEE/ACS International Conference on Computer Systems and Applications
Probability and Statistics with R
Probability and Statistics with R
Protection Poker: The New Software Security "Game";
IEEE Security and Privacy
Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
| Hi-index | 0.00 |
Agile software development has been used by industry to create a more flexible and lean software development process, i.e making it possible to develop software at a faster rate and with more agility during development. There are however concerns that the higher development pace and lack of documentation are creating less secure software. We have therefore looked at three known Security Engineering processes, Microsoft SDL, Cigatel touchpoints and Common Criteria and identified what specific security activities they performed. We then compared these activities with an Agile development process that is used in industry. Developers, from a large telecommunication manufacturer, were interviewed to learn their impressions on using these security activities in an agile development process. We produced a security enhanced Agile development process that we present in this paper. This new Agile process use activities from already established security engineering processes that provide the benefit the developers wanted but did not hinder or obstruct the Agile process in a significant way.